wajeht/home-ops

home-ops

GitOps-driven homelab running on Docker Compose

Overview

flowchart LR
    subgraph triggers[Triggers]
        app_push([App: git push])
        ops_push([home-ops: git push])
        renovate([Renovate])
    end

    app_push --> ci[GitHub Actions] -->|build + push| ghcr[(GHCR)]
    ghcr -->|push image| github((GitHub))
    ci -->|update tag| github
    ops_push --> ci
    renovate -->|auto-merge| ci
    github -->|poll + api/sync | cf((Cloudflare)) -->|Cloudflare IPs only| unifi -->|:80/:443| traefik -->|proxy| docker_cd

    subgraph infra[Infra]
        subgraph dell[Dell OptiPlex 7050 Micro]
            docker_cd[docker-cd] -->|compose up| apps[apps/*]
            traefik[Traefik] -->|proxy| apps
            google_auth[Google Auth] -->|forward-auth| traefik
        end

        subgraph nas[Synology DS923+]
            nfs[(NFS)]
        end

        subgraph ucg[UniFi Cloud Gateway Ultra]
            unifi{{Firewall}}
        end

        subgraph pi[Raspberry Pi 5]
            adguard[AdGuard Home]
        end

        nfs -->|NFS| apps
        adguard -->|DNS| unifi
    end

    traefik -.->|DNS01| cf

    style triggers fill:#e8f4fd,stroke:#4a90d9
    style infra fill:#f0fdf4,stroke:#22c55e,stroke-width:2px
    style cf fill:#fde8d0,stroke:#f6821f,color:#333
    style github fill:#d1d5db,stroke:#24292e,color:#333
    style ghcr fill:#d1d5db,stroke:#24292e,color:#333
    style ci fill:#d1d5db,stroke:#24292e,color:#333
    style renovate fill:#d5d7f2,stroke:#1a1f6c,color:#333
    style adguard fill:#d4f0d7,stroke:#68bc71,color:#333
    style unifi fill:#cce0f5,stroke:#0559c9,color:#333

Push to git and docker-cd auto-deploys. It polls every 5 min, or syncs instantly via the /api/sync webhook, auto-discovers all stacks in apps/, decrypts SOPS secrets, and deploys with rolling updates.

Traefik handles routing via Docker labels with auto SSL via Cloudflare DNS challenge. traefik-forward-auth provides Google OAuth protection.

Renovate keeps third-party deps updated (~60min via polling). Own images use docker-cd-deploy-workflow which triggers /api/sync for instant deploy (~1min).

All containers are hardened with dropped capabilities, resource limits, health checks, and log rotation. Borgmatic handles automated backups — 2 critical apps hourly, rest daily — with database dumps (8 Postgres + 19 SQLite), weekly integrity checks, and ntfy notifications.
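A way to check the four hardening controls listed above across a stack, as an added example (not code from this repository). It assumes the input is the JSON produced by `docker compose config --format json`, that hardening is expressed with the standard Compose keys `cap_drop`, `deploy.resources.limits` / `mem_limit` / `cpus`, `healthcheck` and `logging.options.max-size`, and that log rotation is set per service rather than in the daemon defaults; the sample services are constructed.

```python
import json

# Constructed sample shaped like `docker compose config --format json` output.
SAMPLE = json.loads("""
{"services": {
  "web": {"image": "example/web:1.0", "cap_drop": ["ALL"],
          "deploy": {"resources": {"limits": {"cpus": "0.5", "memory": "268435456"}}},
          "healthcheck": {"test": ["CMD", "wget", "-qO-", "http://localhost/healthz"]},
          "logging": {"driver": "json-file", "options": {"max-size": "10m", "max-file": "3"}}},
  "db":  {"image": "example/db:1.0", "cap_drop": ["NET_RAW"], "mem_limit": "536870912",
          "healthcheck": {"disable": true},
          "logging": {"driver": "json-file"}}
}}
""")

def audit_service(svc):
    """Return the list of hardening controls missing from one service definition."""
    findings = []
    # Dropped capabilities: require a blanket drop, not a partial list.
    if "ALL" not in [c.upper() for c in svc.get("cap_drop", [])]:
        findings.append("cap_drop does not include ALL")
    # Resource limits: accept the deploy.resources form or the service-level keys.
    limits = svc.get("deploy", {}).get("resources", {}).get("limits", {})
    if not (limits.get("memory") or svc.get("mem_limit")):
        findings.append("no memory limit")
    if not (limits.get("cpus") or svc.get("cpus")):
        findings.append("no CPU limit")
    # Health check: must be defined and not disabled.
    hc = svc.get("healthcheck") or {}
    if hc.get("disable") or hc.get("test") in (None, [], ["NONE"]):
        findings.append("no active healthcheck")
    # Log rotation (assumption: configured per service, not in daemon.json).
    log = svc.get("logging") or {}
    if not (log.get("options") or {}).get("max-size"):
        findings.append("no log rotation (logging.options.max-size)")
    return findings

def audit(config):
    """Map each failing service name to its findings; passing services are omitted."""
    report = {n: audit_service(s) for n, s in config.get("services", {}).items()}
    return {n: f for n, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        for finding in findings:
            print(f"{name}: {finding}")
```

Run against real stacks by replacing `SAMPLE` with the parsed output of `docker compose config --format json` for each directory; an empty result means every service carries all four controls.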

Hardware

| Device | RAM | Storage | OS | Function |
| --- | --- | --- | --- | --- |
| Dell OptiPlex 7050 Micro (i7-7700) | 32GB | 1TB SSD | Ubuntu 24.04 | Docker Host |
| Raspberry Pi 5 + GeeekPi P33 NVMe PoE+ HAT | 8GB | 128GB SD | Raspberry Pi OS | AdGuard |
| Synology DS923+ (WD Red Plus 8TB x2, Seagate IronWolf 12TB x2) | 20GB | 25TB SHR | DSM | NAS |
| UniFi Cloud Gateway Ultra | 3GB | 16GB | UniFi OS | Firewall |
| UniFi U6+ | - | - | - | WiFi 6 AP |
| SMLIGHT SLZB-MR3U | - | - | - | Zigbee GW |
| TP-Link TL-SG608P | - | - | - | PoE Switch |
| CyberPower 1500VA AVR | - | - | - | UPS |

With all equipment connected: 69W idle @ 120V, 145 min UPS runtime, 50 kWh/mo (~$6/mo).

Docs

License

Distributed under the MIT License © wajeht. See LICENSE for more information.